diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java index f817826d..8b67382b 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java @@ -92,13 +92,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity httpSecurity) throws Exception { + + // 搜寻 匿名标记 url: PreAuthorize("hasAnyRole('ROLE_ANONYMOUS')") 和 AnonymousAccess Map handlerMethodMap = applicationContext.getBean(RequestMappingHandlerMapping.class).getHandlerMethods(); Set anonymousUrls = new HashSet<>(); for (Map.Entry infoEntry : handlerMethodMap.entrySet()) { HandlerMethod handlerMethod = infoEntry.getValue(); AnonymousAccess anonymousAccess = handlerMethod.getMethodAnnotation(AnonymousAccess.class); PreAuthorize preAuthorize = handlerMethod.getMethodAnnotation(PreAuthorize.class); - // PreAuthorize("hasAnyRole('ROLE_ANONYMOUS')") 和 AnonymousAccess if (null != preAuthorize && preAuthorize.value().contains("ROLE_ANONYMOUS")) { anonymousUrls.addAll(infoEntry.getKey().getPatternsCondition().getPatterns()); } else if (null != anonymousAccess && null == preAuthorize) { @@ -140,8 +141,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .antMatchers("/*/api-docs").anonymous() // swagger end - // 接口限流测试 - .antMatchers("/test/**").anonymous() // 文件 .antMatchers("/avatar/**").anonymous() .antMatchers("/file/**").anonymous() 
@@ -150,8 +149,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .antMatchers(HttpMethod.OPTIONS, "/**").anonymous() .antMatchers("/druid/**").anonymous() - // 自定义匿名访问所有url放行 - .antMatchers(anonymousUrls.toArray(new String[0])).anonymous() + // 自定义匿名访问所有url放行 : 允许 匿名和带权限以及登录用户访问 + .antMatchers(anonymousUrls.toArray(new String[0])).permitAll() // 所有请求都需要认证 .anyRequest().authenticated() diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAuthorizationTokenFilter.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAuthorizationTokenFilter.java index 8ca24fdf..1693bcc1 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAuthorizationTokenFilter.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAuthorizationTokenFilter.java @@ -5,9 +5,7 @@ import lombok.extern.slf4j.Slf4j; import me.zhengjie.modules.security.utils.JwtTokenUtil; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; -import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; 
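Review bot: The rule on `anonymousUrls` is keyed on path alone, so with `.permitAll()` it now admits every caller, logged in or not, on every HTTP method of those paths. The set built in the first hunk holds only what `getPatternsCondition().getPatterns()` returns, and this `antMatchers(...)` call passes no `HttpMethod`. A handler that shares a path with an `@AnonymousAccess` handler but answers a different verb, and has no `@PreAuthorize` of its own, would pass the filter chain unauthenticated. Consider collecting each handler's request methods alongside its patterns and registering them through `antMatchers(HttpMethod, String...)`. Separately, `preAuthorize.value().contains("ROLE_ANONYMOUS")` is a substring test that would also match an expression negating the role; the loop body continues outside the first hunk, so this reading rests only on the lines shown.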
@@ -63,10 +61,6 @@ public class JwtAuthorizationTokenFilter extends OncePerRequestFilter { authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); SecurityContextHolder.getContext().setAuthentication(authentication); } - } else { -// AnonymousAuthenticationToken anonymousAuthenticationToken = new AnonymousAuthenticationToken("anonymous", "anonymousUser", AuthorityUtils.createAuthorityList(new String[]{"ROLE_ANONYMOUS"})); -// anonymousAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); -// SecurityContextHolder.getContext().setAuthentication(anonymousAuthenticationToken); } chain.doFilter(request, response); }